Amendments to the Claims

1. (Original) A method of operating an access system including a network access server to
provide access between a user and a service network, the method comprising the steps of: 

providing an authentication server; 

generating a challenge using a random sequence without communicating with the network 
access server; 

generating a response to the challenge; 

sending the response to the network access server using an authentication protocol; 
forwarding the response to the authentication server; 

receiving and processing the response indicating whether the user is allowed access to the 
service network by decrypting the response using a user encrypted private key. 

2. (Original) The method of Claim 1, wherein the challenge is generated based on time.

3. (Original) The method of Claim 1, wherein the challenge is generated based on a
non-repeating number sequence.



4. (Original) The method of Claim 1, wherein the authentication protocol is an indirect
authentication protocol.

5. (Original) The method of Claim 1, wherein the authentication protocol is RADIUS.

6. (Original) The method of Claim 1, wherein the authentication protocol is TACAS.

7. (Original) The method of Claim 1, wherein the authentication protocol is TACAS+.

8. (Original) The method of Claim 1, wherein the authentication protocol is XTACAS.



9. (Original) The method of Claim 1, wherein the response is generated using public-key
cryptographic algorithm and encrypting the challenge with the user's private key.



10. (Original) The method of Claim 1, wherein the response is generated using symmetric key
cryptographic algorithm and encrypting the challenge with a shared secret.

11. (Original) The method of Claim 9, wherein the user's private key is stored in a smart card
device.



12. (Withdrawn) A method of operating an access system including a network access server 
with an established authentication protocol to provide access between a user and a service 
network, the method comprising the steps of: 

providing an authentication server; 
providing a challenge generator; 

generating a challenge through a communication channel outside the authentication 
protocol using a random number sequence using encryption by a user public key; 

generating a response to the challenge by decrypting the random number using a user 
private key; 

sending the generated response to the network access server through the authentication 
protocol and to the challenge generator; 

forwarding the response to the authentication server;

receiving and processing the response indicating whether the user is allowed access to the 
service network by decrypting the response using the user encrypted public key; 

providing access to the service network to the user in response to the authorization 
generated by the authentication server. 

13. (Withdrawn) The method of Claim 12, wherein the authentication protocol is an indirect 
authentication protocol. 



14. (Withdrawn) The method of Claim 12, wherein the authentication protocol is RADIUS. 



15. (Withdrawn) The method of Claim 12, wherein the authentication protocol is TACAS. 



16. (Withdrawn) The method of Claim 12, wherein the authentication protocol is TACAS+. 



17. (Withdrawn) The method of Claim 12, wherein the authentication protocol is XTACAS. 



18. (Withdrawn) The method of Claim 12, wherein the challenge generator is configured to 
generate and transmit a challenge query. 

19. (Original) A software product for providing access between a user and a service network
access equipped with a network access server, the software product comprising: 

Authentication software operational when executed by a processor to direct the processor 
to generate a challenge without communicating with the network server, encrypt the challenge, 
receive the user response to the challenge, process the user response to determine if the user 
is allowed access to the service network based on decrypting the user response and matching 
the user response with the encrypted challenge, and provide access to the service network to 
the user in response to the authorization response that allows the user to use the service 
network; and

a software storage medium operational to store the authentication software. 

20. (Original) The software product of Claim 19, wherein the user response includes a random 
number decrypted using a user private key. 

21. (Original) The software product of Claim 20, wherein the user response includes a
non-repeating number sequence decrypted using a user encrypted private key.